How do I get an SSL with the autoinstaller? #1248

New Issue

OVERLORD · 2026-02-05T00:23:59+03:00

OVERLORD commented

2026-02-05 00:23:59 +03:00

Originally created by @Nedimko123 on GitHub (Jul 3, 2019).

Hey guys,

I love BookStack, but I just couldn't make it work on the SSL mode.
I installed BookStack via the official script for auto-installing it. So it runs on Apache. When I edited 000-default.conf to the bookstack location it still displayed the same Apache2 Ubuntu Default Page.
We're running it on Ubuntu 18.04 and we have the Cloudflare SSL.

Any idea how to edit it in the bookstack.conf, I've tried
`Listen 443 http
Listen 80
NameVirtualHost *:80
NameVirtualHost *:443
ServerName *:80

<VirtualHost *:443>
ServerName docs.mni.me
ServerAdmin webmaster@localhost
DocumentRoot /var/www/bookstack/public/
SSLEngine on
SSLCertificateFile /Users/myusername/certs/server.crt
SSLCertificateKeyFile /Users/myusername/certs/server.key
<VirtualHost *:80>
SSLEngine off
ServerName docs.mni.me
ServerAdmin webmaster@localhost
DocumentRoot /var/www/bookstack/public/
`

But, then I cannot start the apache server. Any tips on how to enable SSL?

Thanks and cheers,
Nedim!

Originally created by @Nedimko123 on GitHub (Jul 3, 2019). Hey guys, I love BookStack, but I just couldn't make it work on the SSL mode. I installed BookStack via the official script for auto-installing it. So it runs on Apache. When I edited 000-default.conf to the bookstack location it still displayed the same Apache2 Ubuntu Default Page. We're running it on Ubuntu 18.04 and we have the Cloudflare SSL. Any idea how to edit it in the bookstack.conf, I've tried `Listen 443 http Listen 80 NameVirtualHost *:80 NameVirtualHost *:443 ServerName *:80 <VirtualHost *:443> ServerName docs.mni.me ServerAdmin webmaster@localhost DocumentRoot /var/www/bookstack/public/ SSLEngine on SSLCertificateFile /Users/myusername/certs/server.crt SSLCertificateKeyFile /Users/myusername/certs/server.key <VirtualHost *:80> SSLEngine off ServerName docs.mni.me ServerAdmin webmaster@localhost DocumentRoot /var/www/bookstack/public/ ` But, then I cannot start the apache server. Any tips on how to enable SSL? Thanks and cheers, Nedim!

OVERLORD closed this issue

2026-02-05 00:24:00 +03:00

OVERLORD commented

2026-02-05 00:24:06 +03:00

@ssddanbrown commented on GitHub (Jul 3, 2019):

Hi @Nedimko123,

I'd expect your /etc/apache2/sites-available/bookstack.conf file to look something like this with HTTPS enabled:

<VirtualHost *:80>
    ServerName docs.mni.me
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
	ServerName docs.mni.me
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/bookstack/public/

    SSLEngine on
    SSLCertificateFile      /Users/myusername/certs/server.crt
    SSLCertificateKeyFile   /Users/myusername/certs/server.key

    <Directory /var/www/bookstack/public/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
        <IfModule mod_rewrite.c>
            <IfModule mod_negotiation.c>
                Options -MultiViews -Indexes
            </IfModule>
            RewriteEngine On
            # Handle Authorization Header
            RewriteCond %{HTTP:Authorization} .
            RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
            # Redirect Trailing Slashes If Not A Folder...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_URI} (.+)/$
            RewriteRule ^ %1 [L,R=301]
            # Handle Front Controller...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^ index.php [L]
        </IfModule>
    </Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Note, I haven't tested the above though but i've just taken the original script config and tweaked to the bare minimum I thought would be needed for HTTPS. Not really sure if the cloudflare layer causes complications.

On your server you can use the following command to check the apache config once set:

sudo apachectl configtest

That should report any syntax errors. If you've editing the 000-default.conf file and added a custom ServerName you'll need to revert that otherwise the VirtualHosts will conflict (bookstack.conf should be the only file with ServerName docs.mni.me).

Let me know if that helps.

@ssddanbrown commented on GitHub (Jul 3, 2019): Hi @Nedimko123, I'd expect your `/etc/apache2/sites-available/bookstack.conf` file to look something like this with HTTPS enabled: ```apache <VirtualHost *:80> ServerName docs.mni.me RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] </VirtualHost> <VirtualHost *:443> ServerName docs.mni.me ServerAdmin webmaster@localhost DocumentRoot /var/www/bookstack/public/ SSLEngine on SSLCertificateFile /Users/myusername/certs/server.crt SSLCertificateKeyFile /Users/myusername/certs/server.key <Directory /var/www/bookstack/public/> Options Indexes FollowSymLinks AllowOverride None Require all granted <IfModule mod_rewrite.c> <IfModule mod_negotiation.c> Options -MultiViews -Indexes </IfModule> RewriteEngine On # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} (.+)/$ RewriteRule ^ %1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] </IfModule> </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> ``` Note, I haven't tested the above though but i've just taken the original script config and tweaked to the bare minimum I thought would be needed for HTTPS. Not really sure if the cloudflare layer causes complications. On your server you can use the following command to check the apache config once set: ``` sudo apachectl configtest ``` That should report any syntax errors. If you've editing the `000-default.conf` file and added a custom `ServerName` you'll need to revert that otherwise the VirtualHosts will conflict (`bookstack.conf` should be the only file with `ServerName docs.mni.me`). Let me know if that helps.

OVERLORD commented

2026-02-05 00:24:09 +03:00

@Nedimko123 commented on GitHub (Jul 3, 2019):

@ssddanbrown Thanks a lot, mate. That file location was the only thing I couldn't get right.

So if anybody in the future needs help, here is what I did:

-Got an SSL certificate form let's encrypt (sudo add-apt-repository ppa:certbot/certbot, sudo apt install python-certbot-apache ,sudo certbot --apache -d example.com)
-Used the code provided here.
-Restarted Apache (/etc/init.d/apache2 restart, /etc/init.d/apache2 start)
-Working as charm

Thanks again and cheers 👍 ,
Nedim!

@Nedimko123 commented on GitHub (Jul 3, 2019): @ssddanbrown Thanks a lot, mate. That file location was the only thing I couldn't get right. So if anybody in the future needs help, here is what I did: -Got an SSL certificate form let's encrypt (sudo add-apt-repository ppa:certbot/certbot, sudo apt install python-certbot-apache ,sudo certbot --apache -d example.com) -Used the code provided here. -Restarted Apache (/etc/init.d/apache2 restart, /etc/init.d/apache2 start) -Working as charm Thanks again and cheers 👍 , Nedim!

OVERLORD commented

2026-02-05 00:24:15 +03:00

@ssddanbrown commented on GitHub (Jul 3, 2019):

@Nedimko123 Awesome, Happy to hear you got SSL working! Thanks for confirming and posting what you did for others. Will therefore close this.

@ssddanbrown commented on GitHub (Jul 3, 2019): @Nedimko123 Awesome, Happy to hear you got SSL working! Thanks for confirming and posting what you did for others. Will therefore close this.

OVERLORD commented

2026-02-05 00:24:17 +03:00

@troya2 commented on GitHub (Dec 31, 2020):

NOTE: after using certbot to install the certs and modify the config, I had to move the 2 rewrite rules into the Directory block, above the last two bookstack RewriteRules.

The resulting section looks like this:

            RewriteEngine On

            # Handle Authorization Header
            RewriteCond %{HTTP:Authorization} .
            RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

            # redirect to https (added by certbot and moved here by me)
            RewriteCond %{SERVER_NAME} =docs.mydomain.com
            RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

            # Redirect Trailing Slashes If Not A Folder...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_URI} (.+)/$
            RewriteRule ^ %1 [L,R=301]

            # Handle Front Controller...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^ index.php [L]

@troya2 commented on GitHub (Dec 31, 2020): NOTE: after using certbot to install the certs and modify the config, I had to move the 2 rewrite rules into the Directory block, above the last two bookstack RewriteRules. The resulting section looks like this: ``` RewriteEngine On # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # redirect to https (added by certbot and moved here by me) RewriteCond %{SERVER_NAME} =docs.mydomain.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} (.+)/$ RewriteRule ^ %1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] ```

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1248